Vulnerability ID 5959

Adobe Acrobat Reader 9.5.1/10.1.3 buffer overflow

Adobe
CVSSv3 Temp ScoreCurrent Exploit Price (≈)
4.8$2k-$5k

A vulnerability classified as critical was found in Adobe Acrobat Reader 9.5.1/10.1.3. Affected by this vulnerability is an unknown function. The manipulation with an unknown input leads to a buffer overflow vulnerability. As an impact it is known to affect confidentiality, integrity, and availability.

The weakness was shared 08/14/2012 by John Leitch with Microsoft Vulnerability Research as APSB12-16 as confirmed bulletin (Website). The advisory is shared for download at adobe.com. The vendor cooperated in the coordination of the public release. This vulnerability is known as CVE-2012-4148 since 08/07/2012. The exploitation appears to be difficult. The attack can only be initiated within the local network. The exploitation doesn't need any form of authentication. Technical details are unknown but a private exploit is available.

The vulnerability scanner Nessus provides a plugin with the ID 61561 (Adobe Acrobat < 10.1.4 / 9.5.2 Multiple Vulnerabilities (APSB12-16)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows. The commercial vulnerability scanner Qualys is able to test this issue with plugin 120295.

Upgrading to version 9.5.2 or 10.1.4 eliminates this vulnerability. The upgrade is hosted for download at get.adobe.com. A possible mitigation has been published immediately after the disclosure of the vulnerability.

The vulnerability is also documented in the databases at SecurityFocus (BID 54946), Secunia (SA50281), SecurityTracker (ID 1027386) and Vulnerability Center (SBV-35882). See 5953, 5954, 5955 and 5956 for similar entries.

CVSSv3

Base Score: 5.0 [?]
Temp Score: 4.8 [?]
Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C [?]
Reliability: High

CVSSv2

Base Score: 4.3 (CVSS2#AV:A/AC:H/Au:N/C:P/I:P/A:P) [?]
Temp Score: 3.7 (CVSS2#E:ND/RL:OF/RC:C) [?]
Reliability: High

AVACAuCIA
LHMNNN
AMSPPP
NLNCCC
VectorComplexityAuthenticationConfidentialityIntegrityAvailability
LocalHighMultipleNoneNoneNone
AdjacentMediumSinglePartialPartialPartial
NetworkLowNoneCompleteCompleteComplete

CPE

Exploiting

Class: Buffer overflow (CWE-119)
Local: No
Remote: Partially

Availability: Yes
Access: Private

Current Price Estimation: $25k-$50k (0-day) / $2k-$5k (Today)

0-Day$0-$1k$1k-$2k$2k-$5k$5k-$10k$10k-$25k$25k-$50k$50k-$100k$100k-$500k
Today$0-$1k$1k-$2k$2k-$5k$5k-$10k$10k-$25k$25k-$50k$50k-$100k$100k-$500k


Nessus ID: 61561
Nessus Name: Adobe Acrobat < 10.1.4 / 9.5.2 Multiple Vulnerabilities (APSB12-16)
Nessus File: adobe_acrobat_apsb12-16.nasl
Nessus Family: Windows
OpenVAS ID: 802937
OpenVAS Name: Adobe Reader Multiple Vulnerabilities - Mac OS X
OpenVAS File: gb_adobe_prdts_mult_vuln_aug12_macosx.nasl
OpenVAS Family: General
Qualys ID: 120295

Countermeasures

Recommended: Upgrade
Status: Official fix
Reaction Time: 0 days since reported
0-Day Time: 0 days since found
Exposure Time: 0 days since known

Upgrade: Acrobat Reader 9.5.2/10.1.4
PaloAlto IPS: 34907

Timeline

08/07/2012 CVE assigned
08/14/2012 +7 days Advisory disclosed
08/14/2012 +0 days Countermeasure disclosed
08/14/2012 +0 days OSVDB entry created
08/14/2012 +0 days VulnerabilityCenter entry assigned
08/15/2012 +1 days NVD disclosed
08/15/2012 +0 days VulnerabilityCenter entry created
08/17/2012 +2 days VulDB entry created
06/17/2014 +669 days VulnerabilityCenter entry updated
04/20/2016 +673 days VulDB entry updated

Sources

Advisory: APSB12-16
Researcher: John Leitch
Organization: Microsoft Vulnerability Research
Status: Confirmed
Confirmation: adobe.com
Coordinated: Yes

CVE: CVE-2012-4148 (mitre.org) (nvd.nist.org) (cvedetails.com)

SecurityFocus: 54946
Secunia: 50281 - Adobe Reader / Acrobat Multiple Vulnerabilities, Highly Critical
SecurityTracker: 1027386 - Adobe Acrobat/Reader Multiple Bugs Let Remote Users Execute Arbitrary Code
Vulnerability Center: 35882 - [APSB12-16] Adobe Acrobat and Reader Unspecified Memory Corruption Vulnerability (CVE-2012-4148), Critical
OSVDB: 84619 - Adobe Reader / Acrobat Unspecified Memory Corruption (2012-4148)

See also: 5953, 5954, 5955, 5956, 5957, 5958, 5960, 5961, 5962, 5963, 5964, 5965, 5966, 5967

Entry

Created: 08/17/2012
Updated: 04/20/2016
Entry: 94.4% complete